1405 matches found
EUVD-2023-23583
Malicious code in bioql PyPI...
EUVD-2023-54369
Malicious code in bioql PyPI...
EUVD-2023-12426
Malicious code in bioql PyPI...
EUVD-2023-12139
Malicious code in bioql PyPI...
EUVD-2022-51804
Malicious code in bioql PyPI...
EUVD-2023-12240
Malicious code in bioql PyPI...
EUVD-2023-12170
Malicious code in bioql PyPI...
EUVD-2023-12442
Malicious code in bioql PyPI...
EUVD-2022-52109
Malicious code in bioql PyPI...
EUVD-2023-12261
Malicious code in bioql PyPI...
CVE-2025-10131 All Social Share Options <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The All Social Share Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sc' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress plugin Evenium 跨站脚本漏洞
The Evenium plugin is an event management tool for the WordPress platform for creating and integrating Evenium meeting management features. Evenium plugin version 1.3.11 and prior versions suffer from a stored XSS vulnerability that stems from insufficient filtering of shortcode user input...
CVE-2025-9058
The Mikado Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-leve...
CVE-2025-9519
The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. This is due to insufficient restriction of shortcode attributes. This makes it possible for authenticated attackers, with Editor-level access and...
CVE-2025-8622
The Flexible Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flexible Maps shortcode in all versions up to, and including, 1.18.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-7649
The Surbma | Recent Comments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'recent-comments' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-7649 Surbma | Recent Comments Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Surbma | Recent Comments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'recent-comments' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-6200
The GeoDirectory WordPress plugin before 2.8.120 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-6200
The GeoDirectory WordPress plugin before 2.8.120 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-6200 GeoDirectory < 2.8.120 - Contributor+ Stored XSS
The GeoDirectory WordPress plugin before 2.8.120 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...